Setting bootstrap.memory_lock: true in an ES cluster on k8s failed

The k8s YAML is below:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch-headless
  labels:
    app: elasticsearch-headless
spec:
  selector:
    app: elasticsearch
  ports:
  - protocol: TCP
    port: 9300
    targetPort: 9300
    name: transport
  clusterIP: None
---
apiVersion: v1
kind: Service
metadata:
  name: elasticsearch
  labels:
    app: elasticsearch
spec:
  selector:
    app: elasticsearch
  ports:
  - name: http
    port: 9200
    protocol: TCP
  - name: transport
    port: 9300
    protocol: TCP
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: elasticsearch
  labels:
    app: elasticsearch
spec:
  selector:
    matchLabels:
      app: elasticsearch
  serviceName: elasticsearch-headless
  replicas: 3
  template:
    metadata:
      labels:
        app: elasticsearch
    spec:
      securityContext:
        fsGroup: 1000
      containers:
      - name: elasticsearch
        securityContext:
          capabilities:
            add:
            # Lock memory (mlock(2), mlockall(2), mmap(2), shmctl(2))
            - IPC_LOCK
            # Override resource Limits
            - SYS_RESOURCE
        image: elasticsearch:6.8.14
        imagePullPolicy: IfNotPresent
        lifecycle:
          postStart:
            exec:
              command:
              - sh
              - -c
              - |
                chown -R 1000:1000 /usr/share/elasticsearch/data
                sysctl -w vm.max_map_count=262144
                ulimit -n 65536
                ulimit -u 4096
                ulimit -l unlimited
                echo -e "* soft nofile 65536\n* hard nofile 65536\n* soft nproc 32000\n* hard nproc 32000\n* hard memlock unlimited\n* soft memlock unlimited" >> /etc/security/limits.conf
                echo -e "DefaultLimitNOFILE=65536\nDefaultLimitNPROC=32000\nDefaultLimitMEMLOCK=infinity" >> /etc/systemd/system.conf
        ports:
        - containerPort: 9300
          name: transport
          protocol: TCP
        - containerPort: 9200
          name: http
          protocol: TCP
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: "ES_JAVA_OPTS"
          value: "-Xms2g -Xmx2g"
        volumeMounts:
        - name: localtime
          mountPath: /etc/localtime
        - name: es-yml
          mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
          subPath: elasticsearch.yml
        - name: gistack-es
          mountPath: /usr/share/elasticsearch/data
      volumes:
      - name: localtime
        hostPath:
          path: /usr/share/zoneinfo/Asia/Shanghai
      - name: es-yml
        configMap:
          defaultMode: 0755
          name: elasticsearch-yml
  volumeClaimTemplates:
  - metadata:
      name: gistack-es
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 20Gi
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: elasticsearch-yml
data:
  elasticsearch.yml: |
    # attaching the namespace to the cluster.name to differentiate different clusters
    # ex. elasticsearch-acceptance, elasticsearch-production, elasticsearch-monitoring
    cluster.name: "elasticsearch"
```

github:when I set bootstrap.memory_lock: true in ES cluster for k8s failed · Issue #75609 · elastic/elasticsearch · GitHub

```yaml
# attaching the namespace to the cluster.name to differentiate different clusters
# ex. elasticsearch-acceptance, elasticsearch-production, elasticsearch-monitoring
cluster.name: "elasticsearch"
# we provide a node.name that is the POD_NAME-NAMESPACE
# ex. elasticsearch-0-acceptance, elasticsearch-1-acceptance, elasticsearch-2-acceptance
node.name: "${POD_NAME}-${NAMESPACE}"

network.host: ${POD_IP}

# A hostname that resolves to multiple IP addresses will try all resolved addresses
# we provide the name for the headless service
# which resolves to the ip addresses of all the live attached pods
# alternatively we can directly reference the hostnames of the pods
discovery.zen.ping.unicast.hosts: elasticsearch-headless

# minimum_master_nodes need to be explicitly set when bound on a public IP
# set to 1 to allow single node clusters
# more info: https://github.com/elastic/elasticsearch/pull/17288
discovery.zen.minimum_master_nodes: 2

bootstrap.memory_lock: true

# Disable X-pack
xpack.ml.enabled: false

#-------------------------------------------------------------------------------------
# RECOVERY: https://www.elastic.co/guide/en/elasticsearch/guide/current/important-configuration-changes.html
# SETTINGS TO avoid the excessive shard swapping that can occur on cluster restarts
#-------------------------------------------------------------------------------------
# how many nodes shall be present to consider the cluster functional;
# prevents Elasticsearch from starting recovery until these nodes are available
gateway.recover_after_nodes: 2

# how many nodes are expected in the cluster
gateway.expected_nodes: 3

# how long we want to wait after [gateway.recover_after_nodes] is reached in order to start recovery process (if applicable).
gateway.recover_after_time: 5m
#-------------------------------------------------------------------------------------

# The following settings control the fault detection process using the discovery.zen.fd prefix:
# How often a node gets pinged. Defaults to 1s.
discovery.zen.fd.ping_interval: 1s

# How long to wait for a ping response, defaults to 30s.
discovery.zen.fd.ping_timeout: 10s

# How many ping failures / timeouts cause a node to be considered failed. Defaults to 3.
discovery.zen.fd.ping_retries: 2
```

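An added diagnostic, not part of the original post: `ulimit` is a shell builtin, so the `ulimit -l unlimited` in the `postStart` hook above changes limits only for that hook's own shell, not for the Elasticsearch process that is already running. The script below reads the memlock limit a process actually has from `/proc/<pid>/limits`; the sample input is constructed and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. Reads text in the format of /proc/<pid>/limits on stdin.

# Constructed sample (illustrative values, not taken from the post).
sample_limits() {
cat <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max open files            65536                65536                files
Max locked memory         65536                65536                bytes
Max processes             4096                 4096                 processes
EOF
}

# Print "soft hard" for the limit whose row starts with the given name.
# Exit status 1 if no such row exists.
limit_values() {
  awk -v name="$1" '
    index($0, name) == 1 {
      $0 = substr($0, length(name) + 1)   # drop the name, re-split the rest
      print $1, $2
      found = 1
    }
    END { exit !found }'
}

# Report whether memory locking is unrestricted for the process.
# Returns 0 when soft and hard limits are both "unlimited", 1 otherwise,
# 2 when the row is missing.
memlock_status() {
  vals=$(limit_values "Max locked memory") || { echo "unknown"; return 2; }
  soft=${vals% *}
  hard=${vals#* }
  if [ "$soft" = "unlimited" ] && [ "$hard" = "unlimited" ]; then
    echo "ok soft=$soft hard=$hard"
  else
    echo "restricted soft=$soft hard=$hard"
    return 1
  fi
}

# Stand-alone use: pass a PID to inspect a live process on this host.
# Inside the cluster (assumes PID 1 in the container is Elasticsearch):
#   kubectl exec elasticsearch-0 -- cat /proc/1/limits | memlock_status
if [ -n "${1:-}" ]; then
  memlock_status < "/proc/$1/limits"
fi
```

A `restricted` result for the Elasticsearch process means the limit has to be raised where the container is started, since the hook's shell cannot change it afterwards.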